Question: 1


Which option describes traffic that will initiate a VPN connection? 


A. Internal 
B. External 
C. Trusted 
D. Interesting 


Answer: D 


Question: 2 


An engineer is using DMVPN to provide secure connectivity between a data center 
and remote sites. Which two routing protocols are recommended for use between 
the routers? (Choose two.) 


A. IS-IS 
B. EIGRP 
C. BGP 
D. RIPv2 
E. OSPF 


Answer: BC 


Question: 3 


An engineer is troubleshooting VPN connectivity issues between a PC and ASA 
using Cisco AnyConnect IPSec IKEv2. Which requirement must be satisfied for 
proper functioning? 


A. The connection must use EAP-AnyConnect 

B. Profile and binary updates must be downloaded over IPSec 
C. The SAN must be used as the CN for the ASA side certificates 
D. PC certificate must contain the server auth EKU 


Answer: A 


Question: 4


A company wants to validate hosts before allowing them on the network via remote access VPN. 
Which Dynamic Access Policies (DAP) method provides additional host level validation? 


A. Hostname check 
B. File check 

C. Folder check 

D. TACACS check 


Answer: B 


Question: 5 


Which option is a required element of Secure Device Provisioning communications? 


A. The certificate authority 
B. The introducer 

C. The requestor 

D. The registration authority 


Answer: B 


Question: 6 


DRAG DROP 
Drag and drop the debug messages on the left onto the associated function during troubleshooting 
on the right. 


Answer: 


Question: 7 


A customer requires site-to-site VPNs to connect to third party business partners 
and has purchased two ASAs. The customer requests an active/active 
configuration. Which mode is needed to support an active/active solution? 


A. Single context 

B. PAT context 

C. Multiple context 
D. NAT context 


Answer: C 


Question: 8 


Which two components are required for a Cisco IOS-based PKI solution? (Choose 
two.) 


A. RADIUS server 

B. FTP/HTTP server 

C. NTP 

D. Certificate authority 
E. Preshared key 


Answer: CD 


Question: 9 


An engineer has successfully established a phase 1 tunnel, but notices that no 
packets are decrypted on the headend side of the tunnel. What is a potential cause 
for this issue? 


A. Firewall blocking Phase 2 ESP or AH 
B. Misconfigured DH group 

C. Disabled PFS 

D. Different Phase 2 encryption 


Answer: A 


Question: 10 


While attempting to establish a site-to-site VPN, the engineer notices that phase 1 
of the VPN tunnel fails. The engineer wants to run a capture to confirm that the 
outside interface is receiving phase 1 information from the third party peer 
address. Which command must be run on the ASA to verify this information? 


A. Capture capin interface outside match udp any eq 123 any eq 123 


B. Capture capin interface outside match ipsec any any 
C. Capture capin interface outside match ah any any 
D. Capture capin interface outside match udp any eq 500 any eq 500 
E. Capture capin interface outside match gre any any 


Answer: D 